jenkins_stack_trace.bcheck
metadata:
    language: v1-beta
    name: "Detect Jenkins in Debug Mode with Stack Traces Enabled"
    description: "Module identified that the affected host is running an instance of Jenkins in debug mode, as a result stack traces are enabled."
    author: "Rodrigo Favarini aka Icebreack / Ewerson Guimaraes aka Crash"
    tags: "jenkins, stack trace"

# Path requested once per host.
run for each:
    potential_path =
        `/adjuncts/3a890183/`

given host then
    send request called check:
        method: "GET"
        path: {potential_path}

    # Report only when the response is an HTTP 500 whose body contains both
    # the Java exception class name and its message.
    if (( ( "java.lang.StringIndexOutOfBoundsException" in {check.response.body} ) and "String index out of range" in {check.response.body} )) and ( {check.response.status_code} is "500") then
        report issue:
            severity: low
            confidence: certain
            detail: "['https://hackerone.com/reports/221833']"
            remediation: ""
    end if